Lucene search
K
NvdMost viewed

363836 matches found

NVD
NVD
added 2019/10/23 1:15 p.m.45 views

CVE-2019-10462

A cross-site request forgery vulnerability in Jenkins Dynatrace Application Monitoring Plugin 2.1.3 and earlier allowed attackers to connect to an attacker-specified URL using attacker-specified credentials...

8.1CVSS8AI score0.007EPSS
Exploits0References2
NVD
NVD
added 2019/10/17 7:15 p.m.45 views

CVE-2019-10752

Sequelize, all versions prior to version 4.44.3 and 5.15.1, is vulnerable to SQL Injection due to sequelize.json helper function not escaping values properly when formatting sub paths for JSON queries for MySQL, MariaDB and SQLite...

9.8CVSS9.9AI score0.01462EPSS
Exploits1References4
NVD
NVD
added 2019/09/16 6:15 p.m.45 views

CVE-2019-16370

The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algorithm, which might allow an attacker to replace an artifact with a different one that has the same SHA-1 message digest, a related issue to CVE-2005-4900...

5.9CVSS5.9AI score0.01025EPSS
Exploits1References2
NVD
NVD
added 2019/09/08 11:15 p.m.45 views

CVE-2019-16117

Cross site scripting XSS in the photo-gallery 10Web Photo Gallery plugin before 1.5.35 for WordPress exists via admin/models/Galleries.php...

6.1CVSS5.2AI score0.04609EPSS
Exploits5References4
NVD
NVD
added 2019/08/27 6:15 p.m.45 views

CVE-2019-13267

TP-Link Archer C3200 V1 and Archer C2 V1 devices have Insufficient Compartmentalization between a host network and a guest network that are established by the same device. In order to transfer data from the host network to the guest network, the sender joins and then leaves an IGMP group. After i...

8.8CVSS8.7AI score0.00973EPSS
Exploits1References2
NVD
NVD
added 2019/08/23 1:15 p.m.45 views

CVE-2019-15485

Bolt before 3.6.10 has XSS via createFolder or createFile in Controller/Async/FilesystemManager.php...

6.1CVSS6.3AI score0.00861EPSS
Exploits0References2
NVD
NVD
added 2019/08/13 7:15 p.m.45 views

CVE-2019-10943

A vulnerability has been identified in SIMATIC Drive Controller family All versions, SIMATIC ET 200SP Open Controller CPU 1515SP PC incl. SIPLUS variants All versions, SIMATIC ET 200SP Open Controller CPU 1515SP PC2 incl. SIPLUS variants All versions = V20.8, SIMATIC S7-1200 CPU family incl. SIPL...

7.5CVSS7.3AI score0.00952EPSS
Exploits0References1
NVD
NVD
added 2019/07/17 8:15 p.m.45 views

CVE-2019-13577

SnmpAdm.exe in MAPLE WBT SNMP Administrator v2.0.195.15 has an Unauthenticated Remote Buffer Overflow via a long string to the CE Remote feature listening on Port 987...

9.8CVSS9.4AI score0.24403EPSS
Exploits5References4
NVD
NVD
added 2019/07/09 9:15 p.m.45 views

CVE-2019-11512

Contao 4.x allows SQL Injection. Fixed in Contao 4.4.39 and Contao 4.7.5...

9.8CVSS9.7AI score0.01462EPSS
Exploits0References1
NVD
NVD
added 2019/04/19 10:29 p.m.45 views

CVE-2019-11354

The client in Electronic Arts EA Origin 10.5.36 on Windows allows template injection in the title parameter of the Origin2 URI handler. This can be used to escape the underlying AngularJS sandbox and achieve remote code execution via an origin2://game/launch URL for QtApplication QDesktopServices...

7.8CVSS8.1AI score0.23129EPSS
Exploits7References12
NVD
NVD
added 2019/03/27 6:29 p.m.45 views

CVE-2019-1000031

A disk space or quota exhaustion issue exists in article2pdfgetfile.php in the article2pdf Wordpress plugin 0.24, 0.25, 0.26, 0.27. Visiting PDF generation link but not following the redirect will leave behind a PDF file on disk which will never be deleted by the plug-in...

7.5CVSS7.5AI score0.0373EPSS
Exploits2References3
NVD
NVD
added 2019/01/27 2:29 a.m.45 views

CVE-2019-6977

gdImageColorMatch in gdcolormatch.c in the GD Graphics Library aka LibGD 2.2.5, as used in the imagecolormatch function in PHP before 5.6.40, 7.x before 7.1.26, 7.2.x before 7.2.14, and 7.3.x before 7.3.1, has a heap-based buffer overflow. This can be exploited by an attacker who is able to trigg...

8.8CVSS8.6AI score0.65116EPSS
Exploits7References19
NVD
NVD
added 2019/01/13 2:29 a.m.45 views

CVE-2018-16887

A cross-site scripting XSS flaw was found in the katello component of Satellite. An attacker with privilege to create/edit organizations and locations is able to execute a XSS attacks against other users through the Subscriptions or the Red Hat Repositories wizards. This can possibly lead to...

5.4CVSS5.5AI score0.00999EPSS
Exploits1References2
NVD
NVD
added 2019/01/09 4:29 p.m.45 views

CVE-2019-5747

An issue was discovered in BusyBox through 1.30.0. An out of bounds read in udhcp components consumed by the DHCP client, server, and/or relay might allow a remote attacker to leak sensitive information from the stack by sending a crafted DHCP message. This is related to assurance of a 4-byte...

7.5CVSS7.3AI score0.04651EPSS
Exploits2References6
NVD
NVD
added 2018/12/07 7:29 p.m.45 views

CVE-2018-16861

A cross-site scripting XSS flaw was found in the foreman component of satellite. An attacker with privilege to create entries using the Hosts, Monitor, Infrastructure, or Administer Menus is able to execute a XSS attacks against other users, possibly leading to malicious code execution and...

7.6CVSS7.2AI score0.00878EPSS
Exploits0References2
NVD
NVD
added 2018/08/20 8:29 p.m.45 views

CVE-2018-1000225

Cobbler version Verified as present in Cobbler versions 2.6.11+, but code inspection suggests at least 2.0.0+ or possibly even older versions may be vulnerable contains a Cross Site Scripting XSS vulnerability in cobbler-web that can result in Privilege escalation to admin.. This attack appear to...

6.1CVSS6.9AI score0.01262EPSS
Exploits0References2
NVD
NVD
added 2017/11/10 2:29 a.m.45 views

CVE-2017-12783

The ReadDataFloat function in ebmlnumber.c in libebml2 through 2012-08-26 allows remote attackers to cause a denial of service assert fault via a crafted mkv file...

6.5CVSS6.2AI score0.02415EPSS
Exploits1References3
NVD
NVD
added 2017/09/01 1:29 p.m.45 views

CVE-2017-12870

SimpleSAMLphp 1.14.12 and earlier make it easier for man-in-the-middle attackers to obtain sensitive information by leveraging use of the aesEncrypt and aesDecrypt methods in the SimpleSAML/Utils/Crypto class to protect session identifiers in replies to non-HTTPS service providers...

5.9CVSS5.4AI score0.00875EPSS
Exploits0References1
NVD
NVD
added 2017/06/22 7:29 p.m.45 views

CVE-2015-9098

In Redgate SQL Monitor before 3.10 and 4.x before 4.2, a remote attacker can gain unauthenticated access to the Base Monitor, resulting in the ability to execute arbitrary SQL commands on any monitored Microsoft SQL Server machines. If the Base Monitor is connecting to these machines using an...

10CVSS9.9AI score0.14186EPSS
Exploits4References2
NVD
NVD
added 2016/10/14 4:59 p.m.45 views

CVE-2005-4900

SHA-1 is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of SHA-1 in TLS 1.2. NOTE: this CVE exists to provide a common identifier for referencing this SHA-1 issue; the existence of an identifier is...

5.9CVSS5.9AI score0.00938EPSS
Exploits0References11
NVD
NVD
added 2015/03/09 2:59 p.m.45 views

CVE-2014-3691

Smart Proxy aka Smart-Proxy and foreman-proxy in Foreman before 1.5.4 and 1.6.x before 1.6.2 does not validate SSL certificates, which allows remote attackers to bypass intended authentication and execute arbitrary API requests via a request without a certificate...

7.5CVSS7.5AI score0.01706EPSS
Exploits0References5
NVD
NVD
added 2014/09/22 3:55 p.m.45 views

CVE-2014-3595

Cross-site scripting XSS vulnerability in spacewalk-java 1.2.39, 1.7.54, and 2.0.2 in Spacewalk and Red Hat Network RHN Satellite 5.4 through 5.6 allows remote attackers to inject arbitrary web script or HTML via a crafted request that is not properly handled when logging...

4.3CVSS5.5AI score0.01759EPSS
Exploits0References5
NVD
NVD
added 2013/11/21 4:40 a.m.45 views

CVE-2013-6173

Multiple cross-site request forgery CSRF vulnerabilities in EMC Document Sciences xPression 4.1 SP1 before Patch 47, 4.2 before Patch 26, and 4.5 before Patch 05, as used in Documentum Edition, Enterprise Edition Publish Engine, and Enterprise Edition Compuset Engine, allow remote attackers to...

6.8CVSS7.2AI score0.01296EPSS
Exploits0References5
NVD
NVD
added 2013/10/19 10:36 a.m.45 views

CVE-2013-6021

Buffer overflow in WGagent in WatchGuard WSM and Fireware before 11.8 allows remote attackers to execute arbitrary code via a long sessionid value in a cookie...

9.3CVSS7.8AI score0.12203EPSS
Exploits7References7
NVD
NVD
added 2011/01/19 4:0 p.m.45 views

CVE-2010-3599

Unspecified vulnerability in the Oracle Document Capture component in Oracle Fusion Middleware 10.1.3.4 and 10.1.3.5 allows remote attackers to affect integrity and availability via unknown vectors related to Import Server. NOTE: the previous information was obtained from the January 2011 CPU...

9.4CVSS6.5AI score0.16177EPSS
Exploits5References8
NVD
NVD
added 2008/06/06 6:32 p.m.45 views

CVE-2008-2562

SQL injection vulnerability in edCss.php in PowerPhlogger 2.2.5 and earlier allows remote authenticated users to execute arbitrary SQL commands via the cssstr parameter in an edit action...

6.5CVSS7.9AI score0.00895EPSS
Exploits0References4
NVD
NVD
added 2007/05/09 5:19 p.m.45 views

CVE-2007-0609

Directory traversal vulnerability in Advanced Guestbook 2.4.2 allows remote attackers to bypass .htaccess settings, and execute arbitrary PHP local files or read arbitrary local templates, via a .. dot dot in a lang cookie, followed by a filename without its .php extension, as demonstrated via a...

5.1CVSS7.1AI score0.07506EPSS
Exploits2References9
NVD
NVD
added 2007/03/06 1:19 a.m.45 views

CVE-2006-7119

PHP remote file inclusion vulnerability in kernel/system/startup.php in J. He PHPGiggle 12.08 and earlier, as distributed on comscripts.com, allows remote attackers to execute arbitrary PHP code via a URL in the CFGPHPGIGGLEROOT parameter...

7.5CVSS7.6AI score0.02301EPSS
Exploits0References2
NVD
NVD
added 2006/09/15 10:7 p.m.45 views

CVE-2006-4828

PHP remote file inclusion vulnerability in zipndownload.php in PhotoPost 4.0 through 4.6 allows remote attackers to execute arbitrary PHP code via a URL in the PPPATH parameter...

7.5CVSS7.5AI score0.06362EPSS
Exploits1References4
NVD
NVD
added 2006/08/10 12:4 a.m.45 views

CVE-2006-4069

Multiple cross-site scripting XSS vulnerabilities in Elaine Aquino Online Zone Journals OZJournals 1.5 allow remote attackers to inject arbitrary web script or HTML via the 1 m and 2 c parameters in index.php, 3 a search action, and 4 a "submit comment" action...

4.3CVSS5.8AI score0.02386EPSS
Exploits1References6
NVD
NVD
added 2026/06/12 4:16 p.m.44 views

CVE-2026-48043

Netty is a network application framework for development of protocol servers and clients. In netty-codec-http2 prior to versions 4.1.135.Final and 4.2.15.Final, the DelegatingDecompressorFrameListener class orchestrates HTTP/2 decompression by embedding a per-stream EmbeddedChannel that runs the...

7.5CVSS0.00594EPSS
Exploits0References10
NVD
NVD
added 2026/05/24 11:16 a.m.44 views

CVE-2026-9373

A vulnerability has been found in JeecgBoot 3.9.1. This issue affects some unknown processing of the file /openapi/call/ of the component OpenAPI Endpoint. Such manipulation leads to improper authentication. The attack can be executed remotely. A high complexity level is associated with this...

6.3CVSS0.00357EPSS
Exploits0References3
NVD
NVD
added 2026/05/22 2:16 a.m.44 views

CVE-2026-33000

A malicious actor with access to the network and high privileges could exploit an Improper Input Validation vulnerability found in UniFi OS devices to execute a Command Injection...

9.1CVSS0.01248EPSS
Exploits0References1
NVD
NVD
added 2026/05/21 6:16 p.m.44 views

CVE-2026-48242

Open ISES Tickets before 3.44.2 contains hardcoded MySQL database connection credentials host, username, password, database name in importmdb.php. The credentials are embedded in source code committed to the public repository, allowing any reader of the source to obtain valid configuration values...

9.2CVSS0.00297EPSS
Exploits0References3
NVD
NVD
added 2026/05/15 7:16 a.m.44 views

CVE-2026-6646

The The7 theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'dtdefaultbutton' shortcode in all versions up to, and including, 14.3.2. This is due to insufficient input sanitization and output escaping on the 'title' component of the 'link' shortcode parameter. This makes it...

6.4CVSS0.00281EPSS
Exploits0References8
NVD
NVD
added 2026/05/15 2:16 a.m.44 views

CVE-2026-0438

A System Management Mode SMM handler could perform a callout to code located in non-SMM/untrusted memory. A highly privileged attacker could, with active user interaction and under high complexity and present preconditions, trigger execution of attacker-controlled code in SMM, potentially...

5.4CVSS0.00139EPSS
Exploits0References2
NVD
NVD
added 2026/05/14 9:16 p.m.44 views

CVE-2026-45781

The MCP Registry provides MCP clients with a list of MCP servers, like an app store for MCP servers. Prior to 1.7.9, OCI ownership validation skips label-match check when upstream OCI registry returns HTTP 429, letting any authenticated publisher bind their io.github./ namespace to OCI images the...

3.5CVSS0.00206EPSS
Exploits0References1
NVD
NVD
added 2026/05/13 4:16 p.m.44 views

CVE-2026-44665

fast-xml-builder builds XML from JSON. Prior to 1.1.7, when an input data has quotes in attribute values but process entities is not enabled, it breaks the attribute value into multiple attributes. This gives the room for an attacker to insert unwanted attributes to the XML/HTML. This vulnerabili...

6.1CVSS0.00209EPSS
Exploits0References1
NVD
NVD
added 2026/05/13 4:16 p.m.44 views

CVE-2026-43487

In the Linux kernel, the following vulnerability has been resolved: ata: libata-core: Disable LPM on ST1000DM010-2EP102 According to a user report, the ST1000DM010-2EP102 has problems with LPM, causing random system freezes. The drive belongs to the same BarraCuda family as the ST2000DM008-2FR102...

5.5CVSS0.00114EPSS
Exploits0References4
NVD
NVD
added 2026/05/12 11:16 a.m.44 views

CVE-2026-32684

The application does not impose strict enough restrictions on directory access permissions, posing a risk that other malicious applications could obtain sensitive information...

2.9CVSS0.00092EPSS
Exploits0References1
NVD
NVD
added 2026/05/12 7:16 a.m.44 views

CVE-2026-0541

ACAP applications can gain elevated privileges due to improper input validation during the installation process, potentially leading to privilege escalation. This vulnerability can only be exploited if the Axis device is configured to allow the installation of unsigned ACAP applications, and if a...

7.3CVSS0.00096EPSS
Exploits0References1
NVD
NVD
added 2026/05/12 7:16 a.m.44 views

CVE-2026-1681

Issuing an ICMP ping via the net ping shell command to a device's own IPv4 address causes the network stack to recursively re-enter the input path on the same system work-queue stack. Because the destination is recognized as a local address, both the echo request and the resulting echo reply are...

6.1CVSS0.00105EPSS
Exploits0References1
NVD
NVD
added 2026/05/12 4:16 a.m.44 views

CVE-2026-7287

UNSUPPORTED WHEN ASSIGNED A buffer overflow vulnerability in the formWep, formWlAc, formPasswordSetup, formUpgradeCert, and formDelcert functions of the “webs” binary in Zyxel NWA1100-N customized firmware version 1.00AACE.1C0 could allow an attacker to trigger a denial-of-service DoS condition b...

7.5CVSS0.00309EPSS
Exploits0References1
NVD
NVD
added 2026/05/11 10:22 p.m.44 views

CVE-2026-43873

WWBN AVideo is an open source video platform. In versions up to and including 29.0, plugin/CloneSite/cloneClient.json.php echoes the local CloneSite shared secret $objClone-myKey, a constant md5$global'systemRootPath' . $global'salt' into the HTTP response body on every unauthenticated request. T...

7.5CVSS0.00255EPSS
Exploits0References2
NVD
NVD
added 2026/05/11 6:16 p.m.44 views

CVE-2026-5266

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation Echo. This vulnerability is associated with program files includes/Api/ApiEchoNotifications.Php. This issue affects Echo: from before 1.43.7, 1.44.4, 1.45.2...

2.3CVSS0.00247EPSS
Exploits0References1
NVD
NVD
added 2026/05/11 2:16 a.m.44 views

CVE-2026-8263

A security flaw has been discovered in Tenda AC6 15.03.06.49multiTDE01. Affected is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet of the component httpd. Performing a manipulation of the argument mac/ssid results in os command injection. It is possible to initiate the attack...

9.8CVSS0.04554EPSS
Exploits1References5
NVD
NVD
added 2026/05/08 11:16 p.m.44 views

CVE-2026-41520

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.17.15, 1.18.9, and 1.19.3, the output of cilium-bugtool can contain sensitive data when the tool is run against Cilium deployments with WireGuard encryption enabled. This issue has been...

7.9CVSS0.00077EPSS
Exploits0References4
NVD
NVD
added 2026/05/08 7:16 a.m.44 views

CVE-2025-69599

RayVentory Scan Engine through 12.6 Update 8 allows attackers to gain privileges if they control the value of the PATH environment variable. NOTE: this is disputed because ability of an attacker to control the environment is a site-specific misconfiguration...

9.8CVSS0.00389EPSS
Exploits0References2
NVD
NVD
added 2026/05/08 7:16 a.m.44 views

CVE-2025-69690

Netgate pfSense CE 2.7.2 allows code execution by using the module installer with a backup file with a serialized PHP object containing the postrebootcommands property. NOTE: the Supplier disputes this because this installer is only available to admins and they are intentionally allowed to execut...

9.1CVSS0.00634EPSS
Exploits4References2
NVD
NVD
added 2026/05/06 12:16 p.m.44 views

CVE-2026-43247

In the Linux kernel, the following vulnerability has been resolved: media: chips-media: wave5: Fix SError of kernel panic when closed SError of kernel panic rarely happened while testing fluster. The root cause was to enter suspend mode because timeout of autosuspend delay happened. 48.834439...

5.5CVSS0.00121EPSS
Exploits0References3
Total number of security vulnerabilities5000